Sec, blogmal! - rev-eng - psi-password



Januar '17



Thu, 11 Aug 2005

Random ramblings about PSI, the jabber client

This is Blog-Repost: I did this earlier than the above Date suggests :)

PSI is a nice jabber client which I use mostly for work and also for some private contacts.

I had forgotten my jabber password, which was saved in PSI. I needed it to test another jabber client, so I wanted it back. But no, they had to make it unnecessarily hard. There is a commercial program to recover it, it is called AIMPR (Advanced IM Password Recovery) - But I dislike paying money for this.

So had to spend quite some time until i found the solution. I present it here, so others don't have to spend their time.

How to recover your jabber password from PSI.

  1. Search for your config.xml
  2. Extract the <jid> and <password> part from within your <account> group
  3. Decrypt by interpreting the password as hex 16bit-unicode, and XORing it to the jid.

If you have only Ascii characters in your password, you can try this line of perl:

perl -le '($jid,$pw)=@ARGV;$pw=~s/..(..)/chr hex$1/ge; \
          print substr($pw^$jid,0,length$pw)'  \
          user@jabber.server 000100020003007e

This information is relevant for PSI 0.92 - The author seemed displeased with me disclosing this information, so expect the algorithm to change.

Have fun.


P.S.: (added 2005-08-02)
WARNING: As it stands, PSI 0.10 and newer versions will remove saving of PGP passphrases completely. This means they will delete your PGP passphrase from the config file without notice!

The jabber password is still obfuscated the same way last time I checked.

P.P.S.: (added 2007-03-20)
There are of course other ways to recover the password. But I have to say, my method is much simpler and quicker :-)

P.P.P.S.: (added 2010-09-01)
This still works with PSI 0.13, although the config file name has changed to accounts.xml

posted at: 18:28 | Category: /rev-eng | permanent link to this entry | 33 comments (trackback)

Your Comment
URL/Email: [http://... or mailto:you@wherever] (optional)
Title: (optional)
Save my Name and URL/Email for next time
(Note that comments will be rejected unless you enter 42 in the following box: )

powered by blosxom
in 0.00 s